Computers as collaborators
Modern organizations are full of computers and a few employees will break the law. It's inevitable that some inappropriate activities, such as child pornography, threatening letters, fraud, and theft of intellectual property will involve computers and leave digital tracks.

Sleuths investigating these crimes will sift through gigabytes of data looking for specific keywords. They'll also retrieve deleted files and examine log files to see what happened at certain times.

The goal of the investigation is to provide conclusive evidence that a specific person did a specific thing. Forensic investigations can also reassure an employer that an employee did not commit the illegal act.

Computers as victims
When a computer is the victim of a crime, the investigation is commonly referred to as "incident response." When systems are remotely attacked, it's important to understand what happened so that future actions can be prevented. More and more, companies and law enforcement agencies want to prosecute those who are responsible. Law enforcement needs to send the following message: "What you are doing is wrong, it hurts innocent people, and it will not be tolerated."

How can I tell if my computer was used in a crime?
You think a computer may have been used in a crime. Ask yourself the following questions.

• Was the computer system instrumental in committing a crime?
• Was it used to hack into another system?
• Was it used to send inappropriate material like trade secrets or harassment mail?
• Is the computer being used to store evidence of a crime?
• Is a drug dealer or bookie maintaining "customer" records on it?
• Does it contain intellectual property that the normal user is not authorized to have?

If the answer to any of those questions is yes, then you could have a computer crime on your hands.